PT-2020-6733 · Libvirt+4 · Libvirt+4

Published

2020-03-25

Updated

2024-11-13

CVE-2020-12430

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libvirt versions 4.10.0 through 6.0

Description The issue is related to a memory leak in the virDomainListGetStats libvirt API, which is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. The memory leak is caused by incorrect memory release before removing the last reference.

Recommendations For libvirt versions 4.10.0 through 6.0, update to version 6.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the virDomainListGetStats API to minimize the risk of exploitation. Avoid using the domstats command until the issue is resolved.

Fix

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2020-1595

ALT-PU-2021-1690

ALT-PU-2021-1965

BDU:2022-05833

CVE-2020-12430

DLA-3778-1

MGASA-2020-0250

OPENSUSE-SU-2024:14490-1

SUSE-SU-2020:1208-1

SUSE-SU-2020:1277-1

USN-4371-1

Affected Products

Alt Linux

Astra Linux

Suse

Ubuntu

Libvirt

PT-2020-6733 · Libvirt+4 · Libvirt+4

CVE-2020-12430

Weakness Enumeration

Related Identifiers

Affected Products

References · 50